Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
- ██ ██
- ██ ██████╗ █████╗ ██████╗ ████████╗██╗ ██╗██████╗ ███████╗ ████████╗██╗ ██╗███████╗ ███████╗██╗ █████╗ ██████╗ ██
- ██ ██╔════╝██╔══██╗██╔══██╗╚══██╔══╝██║ ██║██╔══██╗██╔════╝ ╚══██╔══╝██║ ██║██╔════╝ ██╔════╝██║ ██╔══██╗██╔════╝ ██
- ██ ██║ ███████║██████╔╝ ██║ ██║ ██║██████╔╝█████╗ ██║ ███████║█████╗ █████╗ ██║ ███████║██║ ███╗ ██
- ██ ██║ ██╔══██║██╔═══╝ ██║ ██║ ██║██╔══██╗██╔══╝ ██║ ██╔══██║██╔══╝ ██╔══╝ ██║ ██╔══██║██║ ██║ ██
- ██ ╚██████╗██║ ██║██║ ██║ ╚██████╔╝██║ ██║███████╗ ██║ ██║ ██║███████╗ ██║ ███████╗██║ ██║╚██████╔╝ ██
- ██ ╚═════╝╚═╝ ╚═╝╚═╝ ╚═╝ ╚═════╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ ╚═╝ ╚═╝╚══════╝ ╚═╝ ╚══════╝╚═╝ ╚═╝ ╚═════╝ ██
- ██ Event: Blip Security Champions █ Date: 28th of November, 2014 █ Maximum Points: 1550 ██
- ███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
- █ █
- █ Team Name: SCP______________________________ █ Team Members: ___________________________________________ █ Final Result: ______ █
- █ █
- ███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
- █ ╦ ╦┌─┐┌┐
- █ ║║║├┤ ├┴┐
- █ ╚╩╝└─┘└─┘
- █ Cross-Site-Scripting Everwhere!
- █ Points: ___ / 530.
- ██████████████████████████████████████████████████
- █ █
- █ Challenge: Pop alert(1) on all the sites. █
- █ █
- ██████████████████████████████████████████████████
- URL: web/webA.html
- Points:
- * Pop alert(1) = 50
- * Not Expected XSS Vector += 20
- * More than one solution += 20
- Answer: in any the cell writte "=alert(1)"
- URL: web/webB.html
- Points:
- * Pop alert(1) = 70
- * Not Expected XSS Vector += 20
- * More than one solution += 20
- Answer: on cell A1 input "alert", on cell B1 input "(1)" and on cell B3 "=eval(localStorage.A1 + localStorage.B1)"
- URL: web/webC.php
- Points:
- * Pop alert(1) = 100
- * Not Expected XSS Vector += 20
- * More than one solution += 20
- Answer:
- Change url to http://pathonproject.com/blip/CTF/web/webC.php?xss=1, and execute this on console:
- var foo = {
- click: function(str) {
- alert(str);
- }
- };
- Click on link
- URL: web/webD.php
- Points:
- * Pop alert(1) = 150
- * Not Expected XSS Vector += 20
- * More than one solution += 20
- Answer: Change url to http://pathonproject.com/blip/CTF/web/webD.php?xss=1, and execute this on console:
- alert(email);
- █ ╔═╗┬┌─┐┬ ┬┌─┐┬─┐┌─┐
- █ ║ │├─┘├─┤├┤ ├┬┘└─┐
- █ ╚═╝┴┴ ┴ ┴└─┘┴└─└─┘
- █ Lets see what is behind this string.
- █ Points: __ / 100.
- ██████████████████████████████████████████████████
- █ █
- █ Challenge: What is the password? █
- █ █
- ██████████████████████████████████████████████████
- String A: 001024015019007003000001020010000031000028007014004015012026021
- String C: blipsecuritychampions
- Points:
- * Discover Password = 100
- Answer: _________________________________________.
- █ ╔╗╔┌─┐┌┬┐┬ ┬┌─┐┬─┐┬┌─
- █ ║║║├┤ │ ││││ │├┬┘├┴┐
- █ ╝╚╝└─┘ ┴ └┴┘└─┘┴└─┴ ┴
- █ Network dumps are awesome!
- █ Points: __ / 190.
- ██████████████████████████████████████████████████
- █ █
- █ Challenge: Analyze the Network dump. █
- █ █
- ██████████████████████████████████████████████████
- File: network/networkdump.pcap
- Questions:
- A - Artist and Music on the dump.
- B - What is the name of the security technique being used.
- C - How to access the server.
- Points:
- * Correct Artist and Music = 40
- * Name of the Technique = 50
- * Procedure = 100
- Answer A: _______________________________________.
- Answer B: _______________________________________.
- Answer C: _______________________________________.
- █ ╔═╗┌─┐┬─┐┌─┐┌┐┌┌─┐┬┌─┐┌─┐
- █ ╠╣ │ │├┬┘├┤ │││└─┐││ └─┐
- █ ╚ └─┘┴└─└─┘┘└┘└─┘┴└─┘└─┘
- █ Lets find the truth!
- █ Points: __ / 100.
- ██████████████████████████████████████████████████
- █ █
- █ Challenge: Analyze the image file. █
- █ █
- ██████████████████████████████████████████████████
- File: forensics/blip.jpg
- Question:
- A - Find the exact location.
- B - What is the flag?
- Points:
- * Location Information = 50
- * Flag = 50
- Answer A: _______________________________________.
- Answer B: _______________________________________.
- █ ┌─┐┌─┐┌─┐┌─┐┬┌─┐┬ ┌─┐
- █ └─┐├─┘├┤ │ │├─┤│ └─┐
- █ └─┘┴ └─┘└─┘┴┴ ┴┴─┘└─┘
- █ Lets pwn some kitties!
- █ Points: __ / 630.
- ██████████████████████████████████████████████████
- █ █
- █ Challenge: Get root! w/ extras. █
- █ █
- ██████████████████████████████████████████████████
- IP:
- Extras:
- - Get root password
- - Get neo password
- - Get selene password
- Points:
- * Get root on the box = 240
- * root user password += 30
- * neo user password += 30
- * selene user password += 30
- Answer (root): __________________________________.
- Answer (neo): ___________________________________.
- Answer (selene): ________________________________.
- ██████████████████████████████████████████████████
- █ █
- █ Challenge: Pop a Shell with help of BeEF! █
- █ █
- ██████████████████████████████████████████████████
- IP:
- Points:
- * Pop a Shell w/ BeEF = 300
- ███████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████████
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement